On Sep 7, 2013, at 11:16 PM, Marcus D. Leech wrote:
> Jeff Schiller pointed out a little while ago that the crypto-engineering 
> community have largely failed to make end-to-end encryption easy to use.  
> There are reasons for that, some technical, some political, but it is 
> absolutely true that end-to-end encryption, for those cases where "end to 
> end" is the obvious and natural model, has not significantly materialized on 
> the Internet.  Relatively speaking, a handful of crypto-nerds use end-to-end 
> schemes for e-mail and chat clients, and so on, but the vast majority of the 
> Internet user-space?  Not so much.
I agree, but the situation is complicated.  Consider chat.  If it's one-to-one, 
end-to-end encryption is pretty simple and could be made simple to use; but 
people also want chat rooms, which are a much more complicated key 
management problem - unless you let the server do the encryption.  Do you 
enable it only for one-to-one conversations?  Provide different interfaces for 
one-to-one and chat room discussions?

Even for one-to-one discussions, these days, people want transparent movement 
across their hardware.  If I'm in a chat session on my laptop and leave the 
house, I'd like to be able to continue on my phone.  How do I hand off the 
conversation - and the keys?  (What this actually shows is the complexity of 
defining "the endpoint".  From the protocol's point of view, the endpoint is 
first my laptop, then my phone.  From the user's point of view, the endpoint is 
the user!  How do we reconcile these points of view?  Or does the difference 
go away if we assume the endpoint is always the phone, since it's always with 
me anyway?)

The same kinds of questions arise for other communications modalities, but are 
often more complex.  One-to-one voice?  Sure, we could easily end-to-end 
encrypt that.  But these days everyone expects to do conference calls.  
Handling those is quite a bit more complex.

There does appear to be some consumer interest here.  Apple found it worthwhile 
to advertise that iMessage - which is used in a completely transparent way, you 
don't even have to opt in for it to replace SMS for iOS to iOS messages - is 
end-to-end encrypted.  (And, it appears that it *is* end-to-end encrypted - but 
unfortunately key establishment protocols leave Apple with the keys - which 
allows them to provide useful services, like making your chat logs visible on 
brand new hardware, but also leaves holes of course.)  Silent Circle, among 
others, makes their living off of selling end-to-end encrypted chat sessions, 
but they've got a tiny, tiny fraction of the customer base Apple has.

I think you first need to decide *exactly* what services you're going to 
provide in a secure fashion, and then what customers are willing to do without 
(multi-party support, easy movement to new devices, backwards compatibility 
perhaps) before you can begin to design something new with any chance of 
                                                        -- Jerry

The cryptography mailing list
